Check IP of your favorite domain.
nc rivit.dev 10004
Discussion
If anybody face extreme problem !!! 1. use reverse engineering tool (Ghidra or binary ninja) , 2. After analyzing you will see , The program use the system call and use our input as it's argument/param without sanity check . For this , " command injection " can be applied 3. So , after nc in linux cat the flag ( ; cat flag.txt )
- For those who want a hint, Decompile the source code you will find what is happening under the hood,
- See what command it's trying to execute and learn about that command.
- After finding the command, try how can you inject commands with that
eazy if somebody needs help just let me know
the solution is soo dumb.. i was stuck at this challenge for 3 days.. thought of some complex stuff.. in 10 point challenge.. but no.. the answer is simple and very very dumb.. anyone wanting hints... well.. no hints do it yourself.. its very easy
btw.. nice challenge.. researched and learnt a lot.. Thankyou..
hint please
the solution is soo dumb.. i was stuck at this challenge for 3 days.. thought of some complex stuff.. in 10 point challenge.. but no.. the answer is simple and very very dumb.. anyone wanting hints... well.. no hints do it yourself.. its very easy
btw.. nice challenge.. researched and learnt a lot.. Thankyou..
3 weeks ago
No need of any extra tools. Just remember the type of exploits CFT crowd is using. Hint: Experiment with what are you typing in the prompt. This one is a good one for beginners.